General counsel can aid companies in overall understanding of acceptable risk.
At Lancaster, an ERM committee comprising the company’s CFO, director of international audits and Shurte works to ‘develop policies, procedures and practices for managing our material risk and report these results to the audit committee,’ he explains.
According to Shurte, this arrangement mirrors those at many publicly traded companies, although there are corporations that employ an officer whose primary responsibility is ERM. In the three years Shurte has headed Lancaster Colony’s legal department, his involvement in the ERM process has increased.
‘When I came here, the general counsel was not part of the process,’ he says. He is not the only person to notice the trend. Laurie Champion, managing director and practice leader at Aon Risk Solutions, says when she first began working with ERM clients 16 years ago, general counsel participation in the ERM process was practically unheard of.
In the last decade, however, general counsel have begun to take part, and today ‘we see an increasing number of general counsel heavily involved in leading or co-leading ERM initiatives,’ Champion says. Boston attorney Stephen Honig, a partner with Duane Morris who has 45 years of experience practicing corporate and securities law, is emphatic about the general counsel’s role in the ERM process. ‘A general counsel has to be involved,’ he says. ‘The job of management is to gather information to give to the board. The board has to be sure people are assigned within the company to gather that information.’ It can then evaluate the information with an eye on the firm’s business strategies, he adds.
Why this growing movement toward involving general counsel in the corporate ERM process? ‘A lawyer doing ERM looks at risk from strategic, operational, reporting and compliance perspectives,’ says Mark Gottlieb, a forensic accountant, business evaluation expert and owner of business consultants MSG in New York. Shurte defines ERM as a ‘detailed study of significant risks a business takes to carry on its activities, and things it does to mitigate those risks. Mitigation of risk is very important.’
A thoroughly researched ERM report weighs various risks a company might consider against the potential outcomes of undertaking such chances. When general counsel participate in ERM, corporations benefit in several ways, adds Shurte. For example, a general counsel intimately familiar with prevailing federal, state and local laws can help ensure compliance with those statutes. And while this varies from company to company, ‘a general counsel is in the position to understand a certain type of risk a firm takes. He or she often can add substantive analysis that aids in the overall understanding of acceptable risk,’ says Shurte.
Champion agrees. By the very nature of their profession, general counsel are concerned with corporate governance, so their involvement in the ERM process is a natural, she says. Tapping into both the general counsel’s legal expertise and that of other leadership team members when researching and creating risk management analysis is also important to ensure a good cross-functional understanding of risk and ERM options.
This in turn supports a ‘more efficient way to balance and allocate risk management resources,’ including staff, operations and funding, adds Champion. ‘General counsel bring a very important perspective to the table and, whether or not they are leading the ERM effort, they should be involved,’ she says. ‘This cross-functional approach is the best and most effective way to ensure value from a company’s ERM efforts.’
Perhaps that’s why her definition of ERM both mimics and fine-tunes Shurte’s. ‘ERM is a management discipline that helps organizations identify, understand, manage and report risks they either want or need to take in a proactive or strategic manner,’ Champion explains.
In Honig’s view, general counsel should be involved in the ERM process because an evolved definition of risk actually demands it. ‘Risk was originally conceptualized as financial control risk, the thought that assets were secure, no embezzlement was occurring
and the corporation was in regulatory compliance,’ he points out. Over time, however, boards have learned that it’s not enough for a company to be sure its financials are in order to achieve success. It must also behave in ways that avoid or at least minimize risk.
A fine balance
Looking at certain business failures in 2008-2009, like banks making terrible loans, it’s clear they didn’t balance the risks they were taking with logical business analyses, notes Honig. ‘What we have learned with huge company failures is that [some] companies have not thought through their business risk,’ he says. ‘Risk is multidimensional. ERM is not just financial; it’s also legal. Today, risk must be reviewed, not only financially and technically, but also via business strategies.’
He puts the onus not only on the general counsel, but also on a company’s board. ‘Boards have an obligation to review’ the strategies of the various risks a corporation is considering or actually taking, he says. In Champion’s mind, boards of directors are, or should be, concerned with three primary considerations related to the board’s risk oversight responsibilities, each related to ERM in its own way.
They are:
(i) The manner in which a well-designed ERM framework supports good corporate governance
(ii) How a thorough risk analysis conducted through
(iii) ERM methodology can help a firm understand the risks it wants or needs to take, in line with its risk tolerances, thereby helping to establish its overall corporate strategy
(iv) How an effective ERM approach supports allocation of risk management resources in a more sophisticated and proactive manner.
Champion notes that the in-depth, corporate self-analysis required to research and write a thorough risk management report is an excellent method for a company to gauge not only its financial risks, but also its personnel needs. ‘One of the primary resources we
allocate is leadership,’ she says, adding that this is why it’s imperative to use talent where it will best suit the corporation’s needs.
Gottlieb offers a different viewpoint. As his daily agenda includes analyzing corporate risk, he isn’t confident that corporate lawyers can completely comprehend the A-Z of ERM, believing that counsel may not really have tools to appreciate the intricacies involved in a comprehensive risk analysis. He assesses corporate risks for specific purposes, such as business evaluations. As a forensic accountant, he primarily focuses on three areas of corporate concern: financial risk, operational risk and other general business and
credit risks. ‘But lawyers look at [risk] differently,’ he says. ‘Sometimes, categories of risk coincide with what general counsel would pursue; sometimes they don’t.’
Time is another aspect of risk management that should not be overlooked. More specifically, says Shurte, the task of conducting a comprehensive analysis of corporate risk cannot be rushed or performed under severe time constraints. ERM is an ‘ongoing process,
and you have to commit what it requires to accomplish the requisite risk analysis,’ he says. And what should a general counsel do to ready him/herself for the intensive task of ERM analysis? ‘The best way to prepare is to know your business as best you can – not just what’s happening in the legal department, but at all levels of the firm,’ concludes Shurte.
